{"id":57522,"date":"2025-07-05T17:34:03","date_gmt":"2025-07-05T17:34:03","guid":{"rendered":""},"modified":"2025-08-31T08:55:19","modified_gmt":"2025-08-31T14:55:19","slug":"cve-2025-28990-critical-php-local-file-inclusion-vulnerability-in-sns-vicky","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-28990-critical-php-local-file-inclusion-vulnerability-in-sns-vicky\/","title":{"rendered":"CVE-2025-28990: Critical PHP Local File Inclusion Vulnerability in SNS Vicky<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity community has identified a critical vulnerability, tagged as CVE-2025-28990, affecting the popular snstheme SNS Vicky. This vulnerability, classified as a PHP Remote File Inclusion, could potentially allow attackers to include files from remote servers, leading to potential system compromise or data leakage. Given the severity and the widespread usage of the SNS Vicky, it is critical for all users and system administrators to understand the nature of this vulnerability<\/a>, implement necessary mitigation strategies, and stay updated on the latest security patches.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-28990
\nSeverity: Critical, CVSS Score of 8.1
\nAttack Vector: Remote
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n